Network policy shows both v4 and v6 CIDR even though Cluster/instance and everything is v4 #136
Comments
|
@vigneshsenapathy-hpe thanks for reporting this issue. We will look into this and keep you updated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Amazon network policy endpoint shows that there is V4 and V6 cidr even though the Cluster/Instance/Pod and everything is v4. This is a day 1 issue and needs to be fixed the code should be more like if you have v6 enabled then the policy should have v6, if it doesnt have a v6 CIDR enabled network policy shouldn't have it and take over ports. VPC CNI 1.18.x has 24 open port limitation and if we add both v4 and v6 then you have 12 ports each
Example policy
apiVersion: networking.k8s.aws/v1alpha1
kind: PolicyEndpoint
metadata:
creationTimestamp: "2024-10-03T14:48:49Z"
generateName: policy_name
generation: 19
name: <policy_name>-vl8w4
namespace: default
ownerReferences:
blockOwnerDeletion: true
controller: true
kind: NetworkPolicy
name: policy_name
uid: 7f6a8d5b-5f5b-491f-8761-945f26094d8f
resourceVersion: "221306648"
uid: 5685a8f2-1e18-44db-8eab-87ad61198aa5
spec:
egress:
ports:
protocol: TCP
protocol: TCP
protocol: UDP
protocol: TCP
protocol: TCP
protocol: TCP
protocol: TCP
protocol: TCP
ports:
protocol: TCP
protocol: TCP
protocol: UDP
protocol: TCP
protocol: TCP
protocol: TCP
protocol: TCP
protocol: TCP
ingress:
ports:
protocol: TCP
protocol: TCP
ports:
protocol: TCP
protocol: TCP
podIsolation:
podSelector:
matchLabels:
orch: name
podSelectorEndpoints:
name:
namespace: default
podIP: <pod_ip>
name: <pod_name>
namespace: default
podIP: <pod_ip>
policyRef:
name: <policy_name>
namespace: default
Thanks,
Vignesh
The text was updated successfully, but these errors were encountered: